Norma Snockers | 16 Mar 21:33

Plugin 20148 Query - Netbackup Agent Detection

Hi,
 
apologies if this is the wrong place to query this.
 
Nessus plugin 20148 gives the scenario:
 
The remote host is running the VERITAS NetBackup Java Console
service.
This service is used by the NetBackup Java Console GUI to
manage the backup server.
A user, authorized to connect to this service, can use it as
a remote shell with system privileges by sending
'command_EXEC_LIST' messages.
 
With a risk factor of 'none'.
 
Would a kind person please explain a little further - which versions are vulnerable, if 'all' then is this an inherent functionality that cannot be removed, and if so why is the risk none?
 
If an authorised user connects to the java service then how is that achieved, does that user have to have system privileges in which case I can see how the risk is 'none', or the service have a 'normal user' service account, in which case the risk could be something if the credentials of the service account are compromised.
 
Sorry to be noobish and lack of experience of the product does not help, but Google hasn't helped much and this question did not appear on any searches I tried.
 
Is there an example of what can be achieved so that I can evaluate in a test environment?
 
I've probably overlooked the obvious but happy to be shot down to be told :)
 
Many thanks.

_______________________________________________
Nessus mailing list
Nessus <at> list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
kalin m | 14 Mar 05:59

pci plugins....


hi all...   i used to use nessus at my old job (currently unemployed)...   it was pretty cool.

now i had to get some license (?!?)

the thing is the email came with the 'license' and the following explanation on how to use it:
To activate your account, open the program 'Nessus Server Manager' located under /Applications/Nessus/ and enter your activation code in the program.

after a while of trying to figure out how/where to "enter" the code "in the program" - there is no prompt or anything, and no menu option - i just found the bin under Library and did the command line activation. past that it took a while to get the new plugins. but still the plugins from the demo video are not there.

there are some PCI audit plugins i'd like to use. excuse me, test...  it's not 'over a network'...  cause you know, now that is, and i quote, "strictly prohibited". like it's a felony or something to try to figure out if your own machine is pci compliant...

does anybody know where can i get those? i'd appreciate very much.

thanks....
_______________________________________________
Jim Kelly | 4 Mar 18:45

Re: Nessus Digest, Vol 65, Issue 1

WinXP and win2k3 won't let you authenticate with local admin over a  
network.

Jk

Sent from Jim's iPhone

On Mar 4, 2009, at 12:00 PM, "nessus-request <at> list.nessus.org" <nessus-request <at> list.nessus.org> wrote:

> Message: 1
> Date: Tue, 3 Mar 2009 11:07:48 -0600
> From: "Jones, David H" <Jones.David.H <at> principal.com>
> Subject: RE: Unable to get Nessus to run local checks on Windows
>    servers
> To: "Hart, Lee Anne (AHRQ/IOD)" <LeeAnne.Hart <at> AHRQ.hhs.gov>,
>    "nessus <at> list.nessus.org" <nessus <at> list.nessus.org>
>
> Some time near the end of 2008, it seems that Microsoft "patched"  
> something that changed the behavior of SMB access to remote  
> registries.  The team that handles Windows/AD at the company I'm at  
> spent about a week trying to figure out what the issue was.  We also  
> used to use a local admin account and connect remotely to servers,  
> but it no longer works.  It seems that in an AD environment, one  
> must use an AD account to access remote registries.
>
> We eventually moved down the path of having a domain account created  
> for nessus to use, and when a scan is needed, a server admin will  
> drop the AD account in to the local admin group.  This solved our  
> access/scanning issue, but it doesn't make ad-hoc scanning any  
> easier.  However, it was a suitable compromise between complete  
> failure, and a full admin level AD account.
>
> There's more info out there in the exact technical details, but I  
> dealt with this last several months ago, and all that info has  
> fallen out of RAM.
>
> Hope that helps at least.
>
>
>
>
> David Jones
> Principal Financial Group
> I/S Information Security
> 711 High Street
> Des Moines, IA 50392-0257
>
> Email:  jones.david.h <at> principal.com
> Phone:  515.362.2224
>
> -----Original Message-----
> From: nessus-bounces <at> list.nessus.org [mailto:nessus-bounces <at> list.nessus.org 
> ] On Behalf Of Hart, Lee Anne (AHRQ/IOD)
> Sent: Thursday, February 19, 2009 10:00 AM
> To: nessus <at> list.nessus.org
> Subject: Unable to get Nessus to run local checks on Windows servers
>
> Hello,
>
>
>
> I'm having trouble determining why the SMB credentials I've  
> configured are not able to login and run the local checks on our  
> Windows 2003 SP 2 servers. I can login using the same credentials  
> over remote desktop but the Nessus scans get locked out. I have  
> ensured the user name and password is correct and that the account  
> is part of the local admin group.  We do not control the domain so I  
> cannot get a domain account. Will a local admin account work?
>
>
>
> Thanks,
>
> Lee Anne
>
>
>
_______________________________________________

Ray Van Dolson | 24 Feb 00:28

Editing existing nessusrc files?

What's the appropriate way to edit existing nessusrc files?  I
typically like to create a configuration in NessusClient then export it
to nessusrc format so I can call it directly from nessus.

There doesn't seem to be a way to reload this nessusrc file into
NessusClient however for later editing or modification.  The "import"
function does something different -- not exactly clear what. :)

Also, I noticed it's rather hard to drill down and select individual
plugins from the Plugin selection dialog in NessusClient.  If I search
for a plugin ID, it gets selected, but if I then do a subsequent search
for an additional plugin ID it clears out the first selection and only
selects my new search.

How does everyone do their nessusrc editing?  By hand?  Currently I am
using NessusClient to search for plugin ID's I want then modifying my
existing nessusrc file by hand.  Kind of tedious. :)

Thanks,
Ray
_______________________________________________

Richard Puerto | 23 Feb 17:56

FDCC results

I have run the Windows XP Desktop v.2 audit files on my workstations and have found that many of them are failing because the configuration does not exactly match the configuration in the Nessus audit compliance file.
 
Are the audit compliance files not scripted to be inclusive, meaning that a configuration on the target host can be stricter than what FDCC requires, without it showing up as a failure in the compliance scan?
 
Richard
_______________________________________________
mclean_security | 21 Feb 22:51

plugin updates fail


When I try to update my plugins, I get "Update failed to finish due to a problem" almost immediately after starting.

Is there a log I can check to see the full message?

I have been successful in the past downloading plugins.

 

Thanks,

MRM

_______________________________________________
Ray Van Dolson | 18 Feb 23:56

Plugin to detect domain membership?

Anyone have a quickie script to confirm domain membership based on the
SMB credentials provided?

Looks like I might be able to make use of plugin 10394 for this, but
maybe someone already has something ready for use.

Thanks,
Ray
_______________________________________________

Edgar Vargas | 18 Feb 21:18

SLES9/SP4 OpenSSL 0.9.7d and NESSUS

Hello,
 
 
We are looking to upgrade some of our Enterprise environments and wondering if there are any issues running NESSUS 3.x on SLES9/SP4 with OpenSSL 0.9.7d?
 
 

 

thanks

 

Edgar

_______________________________________________
Chapman, Ralph H | 18 Feb 16:08

DHHS FDCC audit policies

DHHS has not described their modifications to the FDCC audit
requirements in a SCAP compliant XCCDF format. 

So, how do I create an XCCDF file that can be later converted using xTool
to an .audit file?

Thanks,
Ralph Chapman, 

_______________________________________________

Richard Puerto | 17 Feb 15:22

False OS X detection with no report info

We have been getting some scan reports that show the host as OS X but then no results information.  It seems that it is happening when the scanner encounters ports on a switch that has port redirection enabled.
 
Does anyone know how to configure Nessus to ignore port redirection or OS X scanning?
 
Richard
_______________________________________________
Vijay.V2 | 17 Feb 13:38

ISA Proxy Scan

Hi,

We are about to run a VA scan on ISA 2006 proxy servers (deployed on Windows 2003) in our environment. Please let us know the availability of Nessus policies (plugins) to test the security of the underlying server and the correctness of ISA setup and configuration.

Thanks in advance.

Kind Regards,
Vijay
Global Infosec Team
Cognizant India

 

 

 

_______________________________________________